We are thrilled to announce that CockroachDB dedicated, the fully managed single-tenant version of CockroachDB, is now HIPAA-ready and can be used to safely store protected health information (PHI).
Any organization working in healthcare needs to comply with HIPAA requirements to protect sensitive patient data, regardless of whether they’re a “covered entity” (hospital, health insurance plan, pharmacy, etc.) or “business associate” (an organization that works with a covered entity).
At Cockroach Labs we conducted a third-party risk assessment against HIPAA’s security and breach notification rules. We will continue to perform the assessment for CockroachDB dedicated annually.
We know that when organizations trust a third-party service provider to store their data, they typically have strict security and compliance requirements for the service provider to satisfy their enterprise governance and risk management needs. It assumes even more importance for confidential data like PHI, PII, or payment cardholder data. This new milestone will allow companies in the healthcare space to take advantage of CockroachDB dedicated and get the operational efficiency benefits that come with it. It will also allow the SaaS organizations that are building products for healthcare companies to adopt our managed database offering.
HIPAA-ready clusters are available in the dedicated advanced plan. This capability is an addition to existing certifications including PCI-DSS and SOC 2 Type 2.
For customers who are interested, Cockroach Labs can sign a Business Associate Agreement (BAA).
